]> gitweb.michael.orlitzky.com - apply-default-acl.git/blob - run-tests.sh
projects / apply-default-acl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
run-tests.sh: use auto-incrementing test numbers.
[apply-default-acl.git] / run-tests.sh
1 #!/bin/bash
2
3 #
4 # Exit codes
5 #
6
7 EXIT_SUCCESS=0
8
9 # Exit with this when a test fails.
10 EXIT_FAILURE=1
11
12 # We use a few system users in the tests. If these users aren't
13 # present, we exit with a different (non-EXIT_FAILURE).
14 EXIT_MISSING_USERS=2
15
16 # Define the users that we'll use in the tests below. We store the
17 # names as variables to avoid repeating them everywhere.
18 #
19 # WARNING: These must be in alphabetical order; otherwise the getfacl
20 # output will not match.
21 #
22 USERS=( bin daemon )
23
24 # Check to see if the above users exist. If not, bail.
25 for idx in $( seq 0 $((${#USERS[@]} - 1)) ); do
26 id "${USERS[idx]}" >/dev/null 2>&1
27
28 if [ $? -ne $EXIT_SUCCESS ]; then
29 echo "Error: missing test user ${USERS[idx]}." 1>&2
30 exit $EXIT_MISSING_USERS
31 fi
32 done
33
34 # The program name.
35 BIN=$(realpath src/apply-default-acl)
36
37 # The directory where we'll do all the ACL manipulation.
38 TESTDIR=test
39
40 # Will auto-increment.
41 TESTNUM=0
42
43 acl_reset() {
44 # Remove any ACLs on our test directory and remove its contents.
45 setfacl --remove-all --recursive "${TESTDIR}"
46 chmod 755 "${TESTDIR}"
47 rm -rf "${TESTDIR}"/*
48 }
49
50 compare() {
51 if [[ "${ACTUAL}" == "${EXPECTED}" ]]; then
52 echo "Success (#${TESTNUM})"
53 acl_reset
54 else
55 echo "Failure (#${TESTNUM})"
56 echo 'Expected result:'
57 echo '================'
58 echo "${EXPECTED}"
59 echo '================'
60 echo 'Actual result:'
61 echo '================'
62 echo "${ACTUAL}"
63 echo '================'
64 exit $EXIT_FAILURE
65 fi
66 }
67
68 # Start by removing and recreating the 'acl' directory.
69 rm -rf "${TESTDIR}"
70 mkdir "${TESTDIR}"
71
72
73 # When using a minimal ACL, the default user, group, and other
74 # permissions should all be propagated to the mode bits.
75 ((TESTNUM++))
76 TARGET="${TESTDIR}"/foo
77 touch "${TARGET}"
78 chmod 777 "${TARGET}"
79 setfacl -d -m user::r-- "${TESTDIR}"
80 setfacl -d -m group::r-- "${TESTDIR}"
81 setfacl -d -m other::r-- "${TESTDIR}"
82 $BIN "${TARGET}"
83
84 EXPECTED=$(cat <<EOF
85 user::r--
86 group::r--
87 other::r--
88
89 EOF
90 )
91
92 ACTUAL=$(getfacl --omit-header "${TARGET}")
93 compare
94
95 # Do the same thing as the last test, except with an extended ACL.
96 ((TESTNUM++))
97 setfacl -d -m user::r-- "${TESTDIR}"
98 setfacl -d -m group::r-- "${TESTDIR}"
99 setfacl -d -m other::r-- "${TESTDIR}"
100 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
101 touch "${TARGET}"
102 chmod 777 "${TARGET}"
103 $BIN "${TARGET}"
104
105 EXPECTED=$(cat <<EOF
106 user::r--
107 user:${USERS[0]}:rwx
108 group::r--
109 mask::rwx
110 other::r--
111
112 EOF
113 )
114
115 ACTUAL=$(getfacl --omit-header "${TARGET}")
116 compare
117
118
119 # A file shared by a group, should still be group-writable
120 # afterwards.
121 ((TESTNUM++))
122 touch "${TARGET}"
123 chmod 644 "${TARGET}"
124 setfacl -d -m group:${USERS[0]}:rwx "${TESTDIR}"
125 $BIN "${TARGET}"
126
127 EXPECTED=$(cat <<EOF
128 user::rw-
129 group::r--
130 group:${USERS[0]}:rwx #effective:rw-
131 mask::rw-
132 other::r--
133
134 EOF
135 )
136
137 ACTUAL=$(getfacl --omit-header "${TARGET}")
138 compare
139
140
141 # Same test as before except with a directory.
142 ((TESTNUM++))
143 setfacl -d -m group:${USERS[0]}:rwx "${TESTDIR}"
144 mkdir "${TARGET}"
145 chmod 755 "${TARGET}"
146 $BIN "${TARGET}"
147
148 EXPECTED=$(cat <<EOF
149 user::rwx
150 group::r-x
151 group:${USERS[0]}:rwx
152 mask::rwx
153 other::r-x
154 default:user::rwx
155 default:group::r-x
156 default:group:${USERS[0]}:rwx
157 default:mask::rwx
158 default:other::r-x
159
160 EOF
161 )
162
163 ACTUAL=$(getfacl --omit-header "${TARGET}")
164 compare
165
166
167 # With no default, things are left alone.
168 ((TESTNUM++))
169 touch "${TARGET}"
170 chmod 744 "${TARGET}"
171 $BIN "${TARGET}"
172
173
174 EXPECTED=$(cat <<EOF
175 user::rwx
176 group::r--
177 other::r--
178
179 EOF
180 )
181
182 ACTUAL=$(getfacl --omit-header "${TARGET}")
183 compare
184
185
186
187 # Since the default ACL will grant r-x to group/other, they will wind
188 # up with it.
189 ((TESTNUM++))
190 touch "${TARGET}"
191 chmod 744 "${TARGET}"
192 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
193 $BIN "${TARGET}"
194
195
196 EXPECTED=$(cat <<EOF
197 user::rwx
198 user:${USERS[0]}:rwx
199 group::r-x
200 mask::rwx
201 other::r-x
202
203 EOF
204 )
205
206 ACTUAL=$(getfacl --omit-header "${TARGET}")
207 compare
208
209
210 # Some named entries can be granted execute permissions as the result
211 # of reapplication.
212 ((TESTNUM++))
213 touch "${TARGET}"
214 chmod 744 "${TARGET}"
215 setfacl -m user:${USERS[1]}:rw "${TARGET}"
216 # If we don't add 'x' to the mask here, nobody can execute the file.
217 # setfacl will update the mask for us under most circumstances, but
218 # note that we didn't create an entry with an 'x' bit using setfacl --
219 # therefore, setfacl won't unmask 'x' for us.
220 setfacl -m mask::rwx "${TARGET}"
221 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
222 setfacl -d -m user:${USERS[1]}:rwx "${TESTDIR}"
223 $BIN "${TARGET}"
224
225 EXPECTED=$(cat <<EOF
226 user::rwx
227 user:${USERS[0]}:rwx
228 user:${USERS[1]}:rwx
229 group::r-x
230 mask::rwx
231 other::r-x
232
233 EOF
234 )
235
236 ACTUAL=$(getfacl --omit-header "${TARGET}")
237 compare
238
239
240 # We should not retain any entries that aren't in the default.
241 ((TESTNUM++))
242 touch "${TARGET}"
243 chmod 644 "${TARGET}"
244 setfacl -m user:${USERS[1]}:rw "${TARGET}"
245 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
246 $BIN "${TARGET}"
247
248 EXPECTED=$(cat <<EOF
249 user::rw-
250 user:${USERS[0]}:rwx #effective:rw-
251 group::r--
252 mask::rw-
253 other::r--
254
255 EOF
256 )
257
258 ACTUAL=$(getfacl --omit-header "${TARGET}")
259 compare
260
261
262 # A slightly modified test #1 to make sure it works right.
263 ((TESTNUM++))
264 TARGET="${TESTDIR}"/foo
265 touch "${TARGET}"
266 chmod 777 "${TARGET}"
267 setfacl -d -m user::r-- "${TESTDIR}"
268 $BIN "${TARGET}"
269
270 EXPECTED=$(cat <<EOF
271 user::r--
272 group::r-x
273 other::r-x
274
275 EOF
276 )
277
278 ACTUAL=$(getfacl --omit-header "${TARGET}")
279 compare
280
281
282 # If the default ACL mask denies execute, we should respect that
283 # regardless of the existing execute permissions.
284 ((TESTNUM++))
285 TARGET="${TESTDIR}"/foo
286 touch "${TARGET}"
287 chmod 777 "${TARGET}"
288 setfacl -m user:${USERS[0]}:rwx "${TESTDIR}"
289 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
290 setfacl -d -m mask::rw- "${TESTDIR}"
291 $BIN "${TARGET}"
292
293 EXPECTED=$(cat <<EOF
294 user::rwx
295 user:${USERS[0]}:rwx #effective:rw-
296 group::r-x #effective:r--
297 mask::rw-
298 other::r-x
299
300 EOF
301 )
302
303 ACTUAL=$(getfacl --omit-header "${TARGET}")
304 compare
305
306
307
308 # The --recursive mode should work normally if the argument is a
309 # normal file. See Test #1.
310 ((TESTNUM++))
311 TARGET="${TESTDIR}"/foo
312 setfacl -d -m user::r-- "${TESTDIR}"
313 setfacl -d -m group::r-- "${TESTDIR}"
314 setfacl -d -m other::r-- "${TESTDIR}"
315 touch "${TARGET}"
316 chmod 777 "${TARGET}"
317 $BIN --recursive "${TARGET}"
318
319 EXPECTED=$(cat <<EOF
320 user::r--
321 group::r--
322 other::r--
323
324 EOF
325 )
326
327 ACTUAL=$(getfacl --omit-header "${TARGET}")
328 compare
329
330
331 # The --recursive mode should work recursively.
332 ((TESTNUM++))
333 TARGET="${TESTDIR}"/foo
334 mkdir -p "${TARGET}"
335 touch "${TARGET}"/baz
336 mkdir -p "${TARGET}"/bar
337 touch "${TARGET}"/bar/quux
338 setfacl -d -m user::rwx "${TESTDIR}"
339 setfacl -d -m group::r-- "${TESTDIR}"
340 setfacl -d -m other::r-- "${TESTDIR}"
341 chmod -R 777 "${TARGET}"
342 $BIN --recursive "${TARGET}"
343
344 EXPECTED=$(cat <<EOF
345 user::rwx
346 group::r--
347 other::r--
348
349 EOF
350 )
351
352 ACTUAL=$(getfacl --omit-header "${TARGET}"/bar/quux)
353 compare
354
355
356 # The --recursive mode should work recursively. This time
357 # check a directory, and pass the short command-line flag.
358 ((TESTNUM++))
359 TARGET="${TESTDIR}"/foo
360 mkdir -p "${TARGET}"
361 touch "${TARGET}"/baz
362 mkdir -p "${TARGET}"/bar
363 touch "${TARGET}"/bar/quux
364 setfacl -d -m user::rwx "${TESTDIR}"
365 setfacl -d -m group::r-- "${TESTDIR}"
366 setfacl -d -m other::r-- "${TESTDIR}"
367 chmod -R 777 "${TARGET}"
368 $BIN -r "${TARGET}"
369
370 EXPECTED=$(cat <<EOF
371 user::rwx
372 group::r--
373 other::r--
374 default:user::rwx
375 default:group::r--
376 default:other::r--
377
378 EOF
379 )
380
381 ACTUAL=$(getfacl --omit-header "${TARGET}"/bar)
382 compare
383
384
385 # Test double application on a directory.
386 #
387 ((TESTNUM++))
388 TARGET="${TESTDIR}"/baz
389 mkdir "${TARGET}"
390 chmod 644 "${TARGET}"
391 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
392
393 $BIN "${TARGET}"
394 $BIN "${TARGET}"
395
396 EXPECTED=$(cat <<EOF
397 user::rwx
398 user:${USERS[0]}:rwx
399 group::r-x
400 mask::rwx
401 other::r-x
402 default:user::rwx
403 default:user:${USERS[0]}:rwx
404 default:group::r-x
405 default:mask::rwx
406 default:other::r-x
407
408 EOF
409 )
410
411 ACTUAL=$(getfacl --omit-header "${TARGET}")
412 compare
413
414
415 # Same as previous test, with 755 initial perms.
416 #
417 ((TESTNUM++))
418 TARGET="${TESTDIR}"/baz
419 mkdir "${TARGET}"
420 chmod 755 "${TARGET}"
421 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
422
423 $BIN "${TARGET}"
424 $BIN "${TARGET}"
425
426 EXPECTED=$(cat <<EOF
427 user::rwx
428 user:${USERS[0]}:rwx
429 group::r-x
430 mask::rwx
431 other::r-x
432 default:user::rwx
433 default:user:${USERS[0]}:rwx
434 default:group::r-x
435 default:mask::rwx
436 default:other::r-x
437
438 EOF
439 )
440
441 ACTUAL=$(getfacl --omit-header "${TARGET}")
442 compare
443
444
445 # Same as previous two tests, only with a file.
446 #
447 ((TESTNUM++))
448 TARGET="${TESTDIR}"/foo
449 touch "${TARGET}"
450 chmod 644 "${TARGET}"
451 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
452
453 $BIN "${TARGET}"
454 $BIN "${TARGET}"
455
456 EXPECTED=$(cat <<EOF
457 user::rw-
458 user:${USERS[0]}:rwx #effective:rw-
459 group::r--
460 mask::rw-
461 other::r--
462 EOF
463 )
464
465 ACTUAL=$(getfacl --omit-header "${TARGET}")
466 compare
467
468
469 # User-executable files should not wind up exec-masked.
470 ((TESTNUM++))
471 TARGET="${TESTDIR}"/foo
472 touch "${TARGET}"
473 chmod 700 "${TARGET}"
474 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
475 $BIN "${TARGET}"
476
477 EXPECTED=$(cat <<EOF
478 user::rwx
479 user:${USERS[0]}:rwx
480 group::r-x
481 mask::rwx
482 other::r-x
483
484 EOF
485 )
486
487 ACTUAL=$(getfacl --omit-header "${TARGET}")
488 compare
489
490
491 # Group-executable files should not wind up exec-masked.
492 ((TESTNUM++))
493 TARGET="${TESTDIR}"/foo
494 touch "${TARGET}"
495 chmod 670 "${TARGET}"
496 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
497 $BIN "${TARGET}"
498
499 EXPECTED=$(cat <<EOF
500 user::rwx
501 user:${USERS[0]}:rwx
502 group::r-x
503 mask::rwx
504 other::r-x
505
506 EOF
507 )
508
509 ACTUAL=$(getfacl --omit-header "${TARGET}")
510 compare
511
512
513 # Other-executable files should not wind up exec-masked.
514 ((TESTNUM++))
515 TARGET="${TESTDIR}"/foo
516 touch "${TARGET}"
517 chmod 607 "${TARGET}"
518 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
519 $BIN "${TARGET}"
520
521 EXPECTED=$(cat <<EOF
522 user::rwx
523 user:${USERS[0]}:rwx
524 group::r-x
525 mask::rwx
526 other::r-x
527
528 EOF
529 )
530
531 ACTUAL=$(getfacl --omit-header "${TARGET}")
532 compare
533
534
535
536 # Test #16's setup repeated with the --no-exec-mask flag.
537 #
538 ((TESTNUM++))
539 TARGET="${TESTDIR}"/foo
540 touch "${TARGET}"
541 chmod 644 "${TARGET}"
542 # The directory allows execute for user, group, and other, so the file
543 # should actually inherit them regardless of its initial mode when the
544 # --no-exec-mask flag is passed.
545 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
546
547 $BIN --no-exec-mask "${TARGET}"
548
549 EXPECTED=$(cat <<EOF
550 user::rwx
551 user:${USERS[0]}:rwx
552 group::r-x
553 mask::rwx
554 other::r-x
555 EOF
556 )
557
558 ACTUAL=$(getfacl --omit-header "${TARGET}")
559 compare
560
561
562
563 # Test #20 repeated recursively to make sure the flags play nice
564 # together.
565 ((TESTNUM++))
566 PARENT_DIR="${TESTDIR}"/foo
567 TARGET="${PARENT_DIR}"/bar
568 mkdir "${PARENT_DIR}"
569 touch "${TARGET}"
570 chmod 644 "${TARGET}"
571 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
572
573 $BIN --recursive --no-exec-mask "${PARENT_DIR}"
574
575 EXPECTED=$(cat <<EOF
576 user::rwx
577 user:${USERS[0]}:rwx
578 group::r-x
579 mask::rwx
580 other::r-x
581 EOF
582 )
583
584 ACTUAL=$(getfacl --omit-header "${TARGET}")
585 compare
586
587
588 # Make sure a mask with an execute bit doesn't count as being
589 # executable.
590 #
591 ((TESTNUM++))
592 TARGET="${TESTDIR}"/foo
593 touch "${TARGET}"
594 chmod 644 "${TARGET}"
595 setfacl -m user::rw "${TARGET}"
596 setfacl -m group::rw "${TARGET}"
597 # Even though the mask has an 'x' bit, nobody can execute it.
598 setfacl -m mask::rwx "${TARGET}"
599 setfacl -d -m user::rwx "${TESTDIR}"
600 setfacl -d -m group::rwx "${TESTDIR}"
601 $BIN "${TARGET}"
602
603
604 EXPECTED=$(cat <<EOF
605 user::rw-
606 group::rw-
607 other::r--
608
609 EOF
610 )
611
612 ACTUAL=$(getfacl --omit-header "${TARGET}")
613 compare
614
615
616 # Same as test #2, except we pass multiple files on the command
617 # line and check the result of the first one.
618 ((TESTNUM++))
619 setfacl -d -m user::r-- "${TESTDIR}"
620 setfacl -d -m group::r-- "${TESTDIR}"
621 setfacl -d -m other::r-- "${TESTDIR}"
622 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
623 DUMMY="${TESTDIR}/dummy"
624 touch "${DUMMY}"
625 chmod 777 "${DUMMY}"
626 touch "${TARGET}"
627 chmod 777 "${TARGET}"
628 $BIN "${TARGET}" "${DUMMY}"
629
630 EXPECTED=$(cat <<EOF
631 user::r--
632 user:${USERS[0]}:rwx
633 group::r--
634 mask::rwx
635 other::r--
636
637 EOF
638 )
639
640 ACTUAL=$(getfacl --omit-header "${TARGET}")
641 compare
642
643
644
645 # Same as the previous test with the argument order switched.
646 ((TESTNUM++))
647 setfacl -d -m user::r-- "${TESTDIR}"
648 setfacl -d -m group::r-- "${TESTDIR}"
649 setfacl -d -m other::r-- "${TESTDIR}"
650 setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
651 DUMMY="${TESTDIR}/dummy"
652 touch "${DUMMY}"
653 chmod 777 "${DUMMY}"
654 touch "${TARGET}"
655 chmod 777 "${TARGET}"
656 $BIN "${DUMMY}" "${TARGET}"
657
658 EXPECTED=$(cat <<EOF
659 user::r--
660 user:${USERS[0]}:rwx
661 group::r--
662 mask::rwx
663 other::r--
664
665 EOF
666 )
667
668 ACTUAL=$(getfacl --omit-header "${TARGET}")
669 compare
670
671
672 # If we call apply-default-acl on a single file that does not exist,
673 # we get the expected error.
674 ((TESTNUM++))
675 ACTUAL=$( "${BIN}" test/nonexistent 2>&1 )
676 EXPECTED="test/nonexistent: No such file or directory"
677 compare
678
679 # Same as the previous test, but with --recursive.
680 ((TESTNUM++))
681 ACTUAL=$( "${BIN}" --recursive test/nonexistent 2>&1 )
682 EXPECTED="test/nonexistent: No such file or directory"
683 compare
684
685 # If we call apply-default-acl on more than one file, it should report any
686 # that don't exist (but proceed to operate on the others).
687 ((TESTNUM++))
688 DUMMY1="${TESTDIR}/dummy1"
689 DUMMY2="${TESTDIR}/dummy2"
690 touch "${DUMMY1}" "${DUMMY2}"
691 ACTUAL=$( "${BIN}" "${DUMMY1}" test/nonexistent "${DUMMY2}" 2>&1 )
692 EXPECTED="test/nonexistent: No such file or directory"
693 compare
694
695
696 # Ensure that symlinks are not followed.
697 ((TESTNUM++))
698 TARGET="${TESTDIR}/foo"
699 LINK2TARGET="${TESTDIR}/foo-sym"
700 touch "${TARGET}"
701 ln -s "${TARGET#${TESTDIR}/}" "${LINK2TARGET}"
702 setfacl --default --modify user:${USERS[0]}:rwx "${TESTDIR}"
703 "${BIN}" "${LINK2TARGET}"
704 ACTUAL=$( getfacl --omit-header "${TARGET}" )
705 EXPECTED=$(cat <<EOF
706 user::rw-
707 group::r--
708 other::r--
709
710 EOF
711 )
712 compare
713
714
715 # Ensure that symlinks are not followed in subdirectories
716 # (recursively).
717 ((TESTNUM++))
718 TARGET="${TESTDIR}/bar"
719 touch "${TARGET}"
720 mkdir "${TESTDIR}/foo"
721 LINK2TARGET="${TESTDIR}/foo/bar-sym"
722 ln -s "../bar" "${LINK2TARGET}"
723 setfacl --default --modify user:${USERS[0]}:rwx "${TESTDIR}/foo"
724 EXPECTED=$(getfacl --omit-header "${TARGET}")
725 "${BIN}" --recursive "${TESTDIR}/foo"
726 ACTUAL=$( getfacl --omit-header "${TARGET}" )
727 compare
728
729
730 # Ensure that hard links are ignored.
731 ((TESTNUM++))
732 TARGET="${TESTDIR}/foo"
733 LINK2TARGET="${TESTDIR}/bar"
734 touch "${TARGET}"
735 ln "${TARGET}" "${LINK2TARGET}"
736 setfacl --default --modify user:${USERS[0]}:rwx "${TESTDIR}"
737 "${BIN}" "${LINK2TARGET}"
738 ACTUAL=$( getfacl --omit-header "${TARGET}" )
739 EXPECTED=$(cat <<EOF
740 user::rw-
741 group::r--
742 other::r--
743
744 EOF
745 )
746 compare
747
748
749 # We should be able to run the tool with a relative path from within a
750 # directory that contains a symlink, so long as the relative path
751 # doesn't contain one.
752 ((TESTNUM++))
753 TARGET="${TESTDIR}/foo/bar"
754 LINK2TARGET="${TESTDIR}/baz"
755 mkdir -p $(dirname "${TARGET}")
756 touch "${TARGET}"
757 ln -s foo "${TESTDIR}/baz"
758 setfacl --default --modify user:${USERS[0]}:rw $(dirname "${TARGET}")
759 pushd "${TESTDIR}/baz" > /dev/null
760 "${BIN}" bar
761 popd > /dev/null
762 ACTUAL=$( getfacl --omit-header "${TARGET}" )
763 EXPECTED=$(cat <<EOF
764 user::rw-
765 user:${USERS[0]}:rw-
766 group::r--
767 mask::rw-
768 other::r--
769
770 EOF
771 )
772 compare
773
774
775 # Ensure that symlinks in non-terminal path components are not followed.
776 ((TESTNUM++))
777 TARGET="${TESTDIR}/foo/bar/baz"
778 LINK2FOO="${TESTDIR}/quux"
779 mkdir -p $(dirname "${TARGET}")
780 touch "${TARGET}"
781 ln -s foo "${LINK2FOO}"
782 setfacl --default --modify user:${USERS[0]}:rw $(dirname "${TARGET}")
783 EXPECTED=$(getfacl --omit-header "${TARGET}")
784 "${BIN}" "${LINK2FOO}/bar/baz"
785 ACTUAL=$( getfacl --omit-header "${TARGET}" )
786 compare
787
788
789 # Test that our exit code succeeds on a single, normal path.
790 ((TESTNUM++))
791 TARGET="${TESTDIR}/foo"
792 touch "${TARGET}"
793 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
794 "${BIN}" "${TARGET}"
795 ACTUAL="$?"
796 EXPECTED="0"
797 compare
798
799
800 # Test that our exit code fails on a symlink.
801 ((TESTNUM++))
802 TARGET="${TESTDIR}/bar"
803 touch "${TESTDIR}/foo"
804 ln -s foo "${TARGET}"
805 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
806 "${BIN}" "${TARGET}"
807 ACTUAL="$?"
808 EXPECTED="1"
809 compare
810
811
812 # The previous test should fail, even if we use --recursive.
813 ((TESTNUM++))
814 TARGET="${TESTDIR}/bar"
815 touch "${TESTDIR}/foo"
816 ln -s foo "${TARGET}"
817 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
818 "${BIN}" --recursive "${TARGET}"
819 ACTUAL="$?"
820 EXPECTED="1"
821 compare
822
823
824 # Test the return value for nonexistent paths.
825 ((TESTNUM++))
826 TARGET="${TESTDIR}/foo"
827 "${BIN}" "${TARGET}" &>/dev/null
828 ACTUAL="$?"
829 EXPECTED="1"
830 compare
831
832
833 # Test that one "failure" exit code overrides two "successes"
834 # We need a default ACL on ${TESTDIR} because otherwise we do
835 # nothing, successfully, on the symlink path.
836 ((TESTNUM++))
837 mkdir "${TESTDIR}/foo"
838 ln -s foo "${TESTDIR}/bar"
839 mkdir "${TESTDIR}/baz"
840 setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
841 "${BIN}" "${TESTDIR}/foo" "${TESTDIR}/bar" "${TESTDIR}/baz"
842 ACTUAL="$?"
843 EXPECTED="1"
844 compare
845
846
847 # The failure should prevail when using --recursive, too.
848 ((TESTNUM++))
849 mkdir "${TESTDIR}/foo"
850 ln -s foo "${TESTDIR}/bar"
851 mkdir "${TESTDIR}/baz"
852 "${BIN}" --recursive "${TESTDIR}"
853 ACTUAL="$?"
854 EXPECTED="1"
855 compare
856
857
858 # We should get "Not a directory" if we stick a trailing slash on the
859 # end of the path to a file.
860 ((TESTNUM++))
861 TARGET="${TESTDIR}/foo"
862 touch "${TARGET}"
863 ACTUAL=$( "${BIN}" "${TARGET}/" 2>&1 )
864 EXPECTED="${TARGET}/: Not a directory"
865 compare
866
867
868 # We should be a no-op on files contained in directories that have no
869 # default ACL.
870 ((TESTNUM++))
871 TARGET="${TESTDIR}/foo"
872 touch "${TARGET}"
873 setfacl --modify user:${USERS[0]}:rw "${TARGET}"
874 EXPECTED=$( getfacl --omit-header "${TARGET}" )
875 "${BIN}" "${TARGET}"
876 ACTUAL=$( getfacl --omit-header "${TARGET}" )
877 compare
878
879
880 # We should be a no-op on directories contained in directories that
881 # have no default ACL (same as the previous test, but with a directory).
882 ((TESTNUM++))
883 TARGET="${TESTDIR}/foo"
884 mkdir "${TARGET}"
885 setfacl --modify user:${USERS[0]}:rw "${TARGET}"
886 setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
887 EXPECTED=$( getfacl --omit-header "${TARGET}" )
888 "${BIN}" --recursive "${TARGET}"
889 ACTUAL=$( getfacl --omit-header "${TARGET}" )
890 compare
891
892
893 # Make sure we descend into subdirectories that don't have default ACLs.
894 ((TESTNUM++))
895 TARGET="${TESTDIR}/foo/bar/baz"
896 mkdir -p $(dirname "${TARGET}")
897 touch "${TARGET}"
898 touch "${TARGET}-direct"
899 setfacl --default --modify user:${USERS[0]}:rw $(dirname "${TARGET}")
900 "${BIN}" "${TARGET}-direct"
901 EXPECTED=$( getfacl --omit-header "${TARGET}-direct" )
902 "${BIN}" --recursive "${TESTDIR}"
903 ACTUAL=$( getfacl --omit-header "${TARGET}" )
904 compare
905
906
907 # Ensure that we don't get "error" results for symlinks encountered
908 # during a recursive traversal.
909 ((TESTNUM++))
910 TARGET="${TESTDIR}"
911 mkdir "${TARGET}/foo"
912 mkdir "${TARGET}/bar"
913 ln -s "../foo" "${TARGET}/bar/baz"
914 setfacl --default --modify user:${USERS[0]}:rw "${TARGET}"
915 EXPECTED="1"
916 "${BIN}" --recursive "${TARGET}"
917 ACTUAL=$?
918 compare
Applies default POSIX ACLs to files and directories.